Skills2026年5月16日·1 分钟阅读

Vuls — Agent-less Vulnerability Scanner for Linux and Containers

An open-source, agent-less vulnerability scanner written in Go that detects known vulnerabilities in Linux, FreeBSD, containers, and application dependencies by correlating installed packages with multiple CVE databases.

Agent 就绪

Agent 可直接安装

这个资产可安装;Agent 先选择当前运行时、检查安装计划,再运行匹配命令。

Native · 98/100策略:允许
Agent 入口
任意 MCP/CLI Agent
类型
Skill
安装
Single
信任
信任等级:Established
入口
Vuls Overview
直接安装命令
npx -y tokrepo@latest install 4dbf5097-5121-11f1-9bc6-00163e2b0d79 --target codex

先 dry-run 确认安装计划,再运行此命令。

Introduction

Vuls is an agent-less vulnerability scanner that connects to Linux and FreeBSD servers via SSH, inventories installed packages, and cross-references them against NVD, OVAL, and distro-specific advisory databases. It detects unpatched CVEs without installing agents on target hosts, making it practical for scanning large fleets with minimal operational overhead.

What Vuls Does

  • Scans remote servers via SSH without installing any agent software on targets
  • Correlates installed OS packages and application libraries against NVD, OVAL, and vendor advisories
  • Detects vulnerabilities in containers by scanning Docker images and running containers
  • Supports scanning application dependencies (WordPress plugins, Python packages, Node modules)
  • Generates prioritized reports with CVSS scores, affected packages, and remediation guidance

Architecture Overview

Vuls consists of a scanner, a report generator, and a vulnerability database fetcher. The scanner SSHes into targets, runs package manager queries (dpkg, rpm, pkg), and collects installed versions. The fetcher downloads and indexes CVE data from NVD, OVAL, Debian/Ubuntu/Red Hat advisories into a local database. The report engine matches installed versions against known vulnerable ranges and produces JSON, HTML, or terminal output with severity rankings.

Self-Hosting & Configuration

  • Install the single Go binary; no runtime dependencies beyond SSH access to targets
  • Configure targets in config.toml with SSH connection details and optional sudo settings
  • Fetch vulnerability databases with vuls fetch before first scan (supports incremental updates)
  • Schedule scans via cron and pipe results to Slack, email, or webhook notifications
  • Use VulsRepo (companion web UI) to browse historical scan results and track remediation progress

Key Features

  • Agent-less scanning requires only SSH access and read permissions on package databases
  • Multi-database correlation (NVD, OVAL, Debian, Ubuntu, Red Hat, Amazon Linux, SUSE)
  • Container scanning for Docker images without running them
  • CVSS-based severity ranking with exploitability indicators from CISA KEV catalog
  • Integration with Slack, email, Syslog, and custom webhooks for alerting

Comparison with Similar Tools

  • Trivy — scans container images and filesystems with bundled database; Vuls focuses on live server scanning via SSH
  • OpenVAS — full vulnerability assessment suite with active network probing; Vuls is lighter and package-focused without intrusive scanning
  • Qualys/Nessus — commercial vulnerability management platforms; Vuls is free, open-source, and self-hosted
  • OSV-Scanner — focused on open-source dependency vulnerabilities; Vuls covers both OS packages and application dependencies

FAQ

Q: Does Vuls require root access on scanned servers? A: No. It needs read access to package manager databases. Sudo is optional and only needed for specific advanced checks like changelog parsing.

Q: How often should I update the vulnerability databases? A: Daily fetches are recommended. NVD and vendor advisories publish new CVEs continuously, and stale databases will miss recent disclosures.

Q: Can Vuls scan Windows servers? A: No. Vuls targets Linux, FreeBSD, and their container ecosystems. For Windows vulnerability scanning, consider tools like Windows Update or commercial solutions.

Q: How does Vuls handle false positives? A: Vuls matches exact package versions against advisory data. False positives are rare but can occur with backported patches; use distro-specific OVAL data to minimize them.

Sources

讨论

登录后参与讨论。
还没有评论,来写第一条吧。

相关资产